Suppose another user created a classic schema and didn't want to share his user credentials, which you used in creating the USER PROVIDED SERVICE. In this case, how will we access the schema or create a UPS? The solution you have shown for UPS by giving user credentials will not work in 99% of cases.
Other than that, I must appreciate your granular-level teachings. Every new beginner always looks for tutorials where he gets to understand everything on a granular level... Thanks for bringing this level of information to the whole world 👏👏👏
Someone is going to have to share a user and password with you in order for this to work. But it can't be a very limited use user with no interactive login set. For instance it might only contain the ability to grant a read-only role to the target schema. The idea is that the owner of the foreign schema has control here. They choose how much access they want to give out. But this has to be done by them giving out a user that has whatever grant authorization they choose to allow. [Thomas Jung]
And to be specific here - they should NEVER give out their own user credentials. You should ALWAYS create a specific user for this contract and it should be a technical user type that cannot log in. No one is suggesting that you ever ask another user for their own personal username and password to make this work. [Thomas Jung]
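The dedicated grantor user described in the two replies above, sketched as an added example that is not from the video or from any commenter. It is SAP HANA SQL; the role name `PLAIN_READ`, the user name `PLAIN_GRANTOR` and the password placeholder are assumptions, and `PLAIN` is the schema name that appears later in this thread.

```sql
-- Added example: object names are hypothetical, the password is a placeholder.
-- Assumption: run by a user who owns schema "PLAIN" and is allowed to
-- create roles and users.

-- 1. A role that carries only read access to the foreign schema.
--    WITH GRANT OPTION lets holders of the role pass the privilege on,
--    which is what the deploy-time grant to the HDI container users needs.
CREATE ROLE PLAIN_READ;
GRANT SELECT ON SCHEMA "PLAIN" TO PLAIN_READ WITH GRANT OPTION;

-- 2. A dedicated user for this one contract, never a personal account.
CREATE USER PLAIN_GRANTOR PASSWORD "<generated-secret>" NO FORCE_FIRST_PASSWORD_CHANGE;

-- 3. The user may hand out the role (ADMIN OPTION); it receives no other
--    privilege on "PLAIN".
GRANT PLAIN_READ TO PLAIN_GRANTOR WITH ADMIN OPTION;

-- 4. Review what was actually granted before the credentials are placed
--    in the User Provided Service.
SELECT GRANTEE, OBJECT_TYPE, SCHEMA_NAME, PRIVILEGE, IS_GRANTABLE
  FROM SYS.GRANTED_PRIVILEGES
 WHERE GRANTEE IN ('PLAIN_READ', 'PLAIN_GRANTOR');

SELECT GRANTEE, ROLE_NAME, IS_GRANTABLE
  FROM SYS.GRANTED_ROLES
 WHERE GRANTEE = 'PLAIN_GRANTOR';
```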
@sapdevs Thanks for the clarification, Thomas, highly appreciate it. I know you are an ocean of knowledge of SAP and I am just a small drop of that ocean, but I still disagree on an approach where developers have to create their own technical users or use any existing technical users where credentials have to be distributed with whatever authentication they need. In real project scenarios, developers are not allowed to create users or assign whatever roles they want in classic schemas. I may be thinking in a different direction and could be wrong as well, but sharing credentials in any way should be considered as a good approach, even though of a technical user.
Thank you for a nice tutorial! A question: the User Provided Service definition is a bit confusing. If there are two HANA instances in a space, then how is it determined which instance it connects to?
It automatically uses the connection details of the primary HDI container connection. [Thomas Jung]
@sapdevs Thank you very much! I have now observed the option of selecting the database instance when creating a HANA Database project (hidden behind the radio button for selecting the default database), so that links the HDI container connection. That raises the question: what makes an instance a default/primary database instance? I do not see this attribute while creating a database instance or in HANA Cloud Central etc. How do I change the default DB instance? Appreciate your response!
@artless-soul It isn't the default instance of a system - but instead this means the primary HDI container connection for the DB module you are in. When you create an HDI container instance (as part of any db module) it creates a connection to the HANA Database. Any User Provided Service used in grants and synonyms within the context of that db module will automatically use the database connection of the HDI container. [Thomas Jung]
Thanks, Thomas, for the steps. The read operation is working fine with the steps,
but I would like to perform CRUD operations on a couple of tables of a Classic Schema which I have already exposed as a service in CAP.
Can anyone please help me with this?
Create/Update/Delete works the same way with the proxy entity. Give it a try.
@sapdevs It would be very helpful if you could share any sample code, steps or documentation on this. I have created the Synonyms and created the CV. The CV is exposed in Service.cds. Now in the handler I am trying to use "await INSERT.into(, )",
but here the confusion is how to define the table name in the handler JS file. I found that the Synonym name or Calculation View name does not work here.
If you want change operations why put a Calculation View on top of it? If you expose the table directly the generic handlers will perform the change SQL for you. Calculation Views are read only.
Hi Thomas, how can I make my CAP services public while having my data in SAP HANA Cloud? I want my colleagues to be able to consume them from their browser. I have a trial account.
As soon as you deploy the app to BTP runtime they are public. If you don't restrict them with XSUAA, then they are public and anonymously available by default. Although I would certainly suggest in most cases you want to add an application router and XSUAA to control access.
@sapdevs Perfect, I will make the adjustments. Thank you for your reply. Regards.
Hi Thomas! Followed the Tutorials but now got an insufficient privileges error trying to 'CREATE SCHEMA "PLAIN"'... anything I can do here?
Got it, came from the HDI container but have to be within DB and DBADMIN.
Is there any API to start the DB?
HANA Cloud specifically? Yes it can be started via the cf command line by sending an update-service with a JSON configuration to tell it to start. You can also use hana-cli developer tool and the hcStart command - github.com/SAP-samples/hana-developer-cli-tool-example#hcstart
How can I use SAP Business Application Studio on canary and not trial?
Canary is an SAP internal landscape, so I assume you are an SAP employee. Best to discuss SAP internal only processes and systems on some internal forum and not here publicly on YouTube.
While creating user provided services, the password is hardcoded? Isn't this correct? How can we propagate the business user to the database?
The User Provided Service is only required at deploy time to perform the grants to the HDI container technical users. There is no need to propagate to the business user. That wouldn't make any sense. The runtime access will be done via the primary HDI container. [Thomas Jung]
@sapdevs Thank you